<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>File Uploads &mdash; Django 1.7.8.dev20150401230226 documentation</title>
    
    <link rel="stylesheet" href="../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../',
        VERSION:     '1.7.8.dev20150401230226',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <link rel="top" title="Django 1.7.8.dev20150401230226 documentation" href="../../index.html" />
    <link rel="up" title="Handling HTTP requests" href="index.html" />
    <link rel="next" title="Django shortcut functions" href="shortcuts.html" />
    <link rel="prev" title="View decorators" href="decorators.html" />



 
<script type="text/javascript" src="../../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);
</script>


  </head>
  <body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../../index.html">Django 1.7.8.dev20150401230226 documentation</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../../index.html">Home</a>  |
        <a title="Table of contents" href="../../contents.html">Table of contents</a>  |
        <a title="Global index" href="../../genindex.html">Index</a>  |
        <a title="Module index" href="../../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="decorators.html" title="View decorators">previous</a>
     |
    <a href="../index.html" title="Using Django" accesskey="U">up</a>
   |
    <a href="shortcuts.html" title="Django shortcut functions">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="topics-http-file-uploads">
            
  <div class="section" id="s-file-uploads">
<span id="file-uploads"></span><h1>File Uploads<a class="headerlink" href="#file-uploads" title="Permalink to this headline">¶</a></h1>
<p>When Django handles a file upload, the file data ends up placed in
<a class="reference internal" href="../../ref/request-response.html#django.http.HttpRequest.FILES" title="django.http.HttpRequest.FILES"><tt class="xref py py-attr docutils literal"><span class="pre">request.FILES</span></tt></a> (for more on the
<tt class="docutils literal"><span class="pre">request</span></tt> object see the documentation for <a class="reference internal" href="../../ref/request-response.html"><em>request and response objects</em></a>). This document explains how files are stored on disk
and in memory, and how to customize the default behavior.</p>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">There are security risks if you are accepting uploaded content from
untrusted users! See the security guide&#8217;s topic on
<a class="reference internal" href="../security.html#user-uploaded-content-security"><em>User-uploaded content</em></a> for mitigation details.</p>
</div>
<div class="section" id="s-basic-file-uploads">
<span id="basic-file-uploads"></span><h2>Basic file uploads<a class="headerlink" href="#basic-file-uploads" title="Permalink to this headline">¶</a></h2>
<p>Consider a simple form containing a <a class="reference internal" href="../../ref/forms/fields.html#django.forms.FileField" title="django.forms.FileField"><tt class="xref py py-class docutils literal"><span class="pre">FileField</span></tt></a>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="c"># In forms.py...</span>
<span class="kn">from</span> <span class="nn">django</span> <span class="kn">import</span> <span class="n">forms</span>

<span class="k">class</span> <span class="nc">UploadFileForm</span><span class="p">(</span><span class="n">forms</span><span class="o">.</span><span class="n">Form</span><span class="p">):</span>
    <span class="n">title</span> <span class="o">=</span> <span class="n">forms</span><span class="o">.</span><span class="n">CharField</span><span class="p">(</span><span class="n">max_length</span><span class="o">=</span><span class="mi">50</span><span class="p">)</span>
    <span class="nb">file</span> <span class="o">=</span> <span class="n">forms</span><span class="o">.</span><span class="n">FileField</span><span class="p">()</span>
</pre></div>
</div>
<p>A view handling this form will receive the file data in
<a class="reference internal" href="../../ref/request-response.html#django.http.HttpRequest.FILES" title="django.http.HttpRequest.FILES"><tt class="xref py py-attr docutils literal"><span class="pre">request.FILES</span></tt></a>, which is a dictionary
containing a key for each <a class="reference internal" href="../../ref/forms/fields.html#django.forms.FileField" title="django.forms.FileField"><tt class="xref py py-class docutils literal"><span class="pre">FileField</span></tt></a> (or
<a class="reference internal" href="../../ref/forms/fields.html#django.forms.ImageField" title="django.forms.ImageField"><tt class="xref py py-class docutils literal"><span class="pre">ImageField</span></tt></a>, or other <a class="reference internal" href="../../ref/forms/fields.html#django.forms.FileField" title="django.forms.FileField"><tt class="xref py py-class docutils literal"><span class="pre">FileField</span></tt></a>
subclass) in the form. So the data from the above form would
be accessible as <tt class="docutils literal"><span class="pre">request.FILES['file']</span></tt>.</p>
<p>Note that <a class="reference internal" href="../../ref/request-response.html#django.http.HttpRequest.FILES" title="django.http.HttpRequest.FILES"><tt class="xref py py-attr docutils literal"><span class="pre">request.FILES</span></tt></a> will only
contain data if the request method was <tt class="docutils literal"><span class="pre">POST</span></tt> and the <tt class="docutils literal"><span class="pre">&lt;form&gt;</span></tt> that posted
the request has the attribute <tt class="docutils literal"><span class="pre">enctype=&quot;multipart/form-data&quot;</span></tt>. Otherwise,
<tt class="docutils literal"><span class="pre">request.FILES</span></tt> will be empty.</p>
<p>Most of the time, you&#8217;ll simply pass the file data from <tt class="docutils literal"><span class="pre">request</span></tt> into the
form as described in <a class="reference internal" href="../../ref/forms/api.html#binding-uploaded-files"><em>Binding uploaded files to a form</em></a>. This would look
something like:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.http</span> <span class="kn">import</span> <span class="n">HttpResponseRedirect</span>
<span class="kn">from</span> <span class="nn">django.shortcuts</span> <span class="kn">import</span> <span class="n">render_to_response</span>
<span class="kn">from</span> <span class="nn">.forms</span> <span class="kn">import</span> <span class="n">UploadFileForm</span>

<span class="c"># Imaginary function to handle an uploaded file.</span>
<span class="kn">from</span> <span class="nn">somewhere</span> <span class="kn">import</span> <span class="n">handle_uploaded_file</span>

<span class="k">def</span> <span class="nf">upload_file</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">method</span> <span class="o">==</span> <span class="s">&#39;POST&#39;</span><span class="p">:</span>
        <span class="n">form</span> <span class="o">=</span> <span class="n">UploadFileForm</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">POST</span><span class="p">,</span> <span class="n">request</span><span class="o">.</span><span class="n">FILES</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">form</span><span class="o">.</span><span class="n">is_valid</span><span class="p">():</span>
            <span class="n">handle_uploaded_file</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">FILES</span><span class="p">[</span><span class="s">&#39;file&#39;</span><span class="p">])</span>
            <span class="k">return</span> <span class="n">HttpResponseRedirect</span><span class="p">(</span><span class="s">&#39;/success/url/&#39;</span><span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="n">form</span> <span class="o">=</span> <span class="n">UploadFileForm</span><span class="p">()</span>
    <span class="k">return</span> <span class="n">render_to_response</span><span class="p">(</span><span class="s">&#39;upload.html&#39;</span><span class="p">,</span> <span class="p">{</span><span class="s">&#39;form&#39;</span><span class="p">:</span> <span class="n">form</span><span class="p">})</span>
</pre></div>
</div>
<p>Notice that we have to pass <a class="reference internal" href="../../ref/request-response.html#django.http.HttpRequest.FILES" title="django.http.HttpRequest.FILES"><tt class="xref py py-attr docutils literal"><span class="pre">request.FILES</span></tt></a>
into the form&#8217;s constructor; this is how file data gets bound into a form.</p>
<p>Here&#8217;s a common way you might handle an uploaded file:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">def</span> <span class="nf">handle_uploaded_file</span><span class="p">(</span><span class="n">f</span><span class="p">):</span>
    <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s">&#39;some/file/name.txt&#39;</span><span class="p">,</span> <span class="s">&#39;wb+&#39;</span><span class="p">)</span> <span class="k">as</span> <span class="n">destination</span><span class="p">:</span>
        <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">f</span><span class="o">.</span><span class="n">chunks</span><span class="p">():</span>
            <span class="n">destination</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="n">chunk</span><span class="p">)</span>
</pre></div>
</div>
<p>Looping over <tt class="docutils literal"><span class="pre">UploadedFile.chunks()</span></tt> instead of using <tt class="docutils literal"><span class="pre">read()</span></tt> ensures that
large files don&#8217;t overwhelm your system&#8217;s memory.</p>
<p>There are a few other methods and attributes available on <tt class="docutils literal"><span class="pre">UploadedFile</span></tt>
objects; see <a class="reference internal" href="../../ref/files/uploads.html#django.core.files.uploadedfile.UploadedFile" title="django.core.files.uploadedfile.UploadedFile"><tt class="xref py py-class docutils literal"><span class="pre">UploadedFile</span></tt></a> for a complete reference.</p>
<div class="section" id="s-handling-uploaded-files-with-a-model">
<span id="handling-uploaded-files-with-a-model"></span><h3>Handling uploaded files with a model<a class="headerlink" href="#handling-uploaded-files-with-a-model" title="Permalink to this headline">¶</a></h3>
<p>If you&#8217;re saving a file on a <a class="reference internal" href="../../ref/models/instances.html#django.db.models.Model" title="django.db.models.Model"><tt class="xref py py-class docutils literal"><span class="pre">Model</span></tt></a> with a
<a class="reference internal" href="../../ref/models/fields.html#django.db.models.FileField" title="django.db.models.FileField"><tt class="xref py py-class docutils literal"><span class="pre">FileField</span></tt></a>, using a <a class="reference internal" href="../forms/modelforms.html#django.forms.ModelForm" title="django.forms.ModelForm"><tt class="xref py py-class docutils literal"><span class="pre">ModelForm</span></tt></a>
makes this process much easier. The file object will be saved to the location
specified by the <a class="reference internal" href="../../ref/models/fields.html#django.db.models.FileField.upload_to" title="django.db.models.FileField.upload_to"><tt class="xref py py-attr docutils literal"><span class="pre">upload_to</span></tt></a> argument of the
corresponding <a class="reference internal" href="../../ref/models/fields.html#django.db.models.FileField" title="django.db.models.FileField"><tt class="xref py py-class docutils literal"><span class="pre">FileField</span></tt></a> when calling
<tt class="docutils literal"><span class="pre">form.save()</span></tt>:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.http</span> <span class="kn">import</span> <span class="n">HttpResponseRedirect</span>
<span class="kn">from</span> <span class="nn">django.shortcuts</span> <span class="kn">import</span> <span class="n">render</span>
<span class="kn">from</span> <span class="nn">.forms</span> <span class="kn">import</span> <span class="n">ModelFormWithFileField</span>

<span class="k">def</span> <span class="nf">upload_file</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">method</span> <span class="o">==</span> <span class="s">&#39;POST&#39;</span><span class="p">:</span>
        <span class="n">form</span> <span class="o">=</span> <span class="n">ModelFormWithFileField</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">POST</span><span class="p">,</span> <span class="n">request</span><span class="o">.</span><span class="n">FILES</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">form</span><span class="o">.</span><span class="n">is_valid</span><span class="p">():</span>
            <span class="c"># file is saved</span>
            <span class="n">form</span><span class="o">.</span><span class="n">save</span><span class="p">()</span>
            <span class="k">return</span> <span class="n">HttpResponseRedirect</span><span class="p">(</span><span class="s">&#39;/success/url/&#39;</span><span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="n">form</span> <span class="o">=</span> <span class="n">ModelFormWithFileField</span><span class="p">()</span>
    <span class="k">return</span> <span class="n">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="s">&#39;upload.html&#39;</span><span class="p">,</span> <span class="p">{</span><span class="s">&#39;form&#39;</span><span class="p">:</span> <span class="n">form</span><span class="p">})</span>
</pre></div>
</div>
<p>If you are constructing an object manually, you can simply assign the file
object from <a class="reference internal" href="../../ref/request-response.html#django.http.HttpRequest.FILES" title="django.http.HttpRequest.FILES"><tt class="xref py py-attr docutils literal"><span class="pre">request.FILES</span></tt></a> to the file
field in the model:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.http</span> <span class="kn">import</span> <span class="n">HttpResponseRedirect</span>
<span class="kn">from</span> <span class="nn">django.shortcuts</span> <span class="kn">import</span> <span class="n">render</span>
<span class="kn">from</span> <span class="nn">.forms</span> <span class="kn">import</span> <span class="n">UploadFileForm</span>
<span class="kn">from</span> <span class="nn">.models</span> <span class="kn">import</span> <span class="n">ModelWithFileField</span>

<span class="k">def</span> <span class="nf">upload_file</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">method</span> <span class="o">==</span> <span class="s">&#39;POST&#39;</span><span class="p">:</span>
        <span class="n">form</span> <span class="o">=</span> <span class="n">UploadFileForm</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">POST</span><span class="p">,</span> <span class="n">request</span><span class="o">.</span><span class="n">FILES</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">form</span><span class="o">.</span><span class="n">is_valid</span><span class="p">():</span>
            <span class="n">instance</span> <span class="o">=</span> <span class="n">ModelWithFileField</span><span class="p">(</span><span class="n">file_field</span><span class="o">=</span><span class="n">request</span><span class="o">.</span><span class="n">FILES</span><span class="p">[</span><span class="s">&#39;file&#39;</span><span class="p">])</span>
            <span class="n">instance</span><span class="o">.</span><span class="n">save</span><span class="p">()</span>
            <span class="k">return</span> <span class="n">HttpResponseRedirect</span><span class="p">(</span><span class="s">&#39;/success/url/&#39;</span><span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="n">form</span> <span class="o">=</span> <span class="n">UploadFileForm</span><span class="p">()</span>
    <span class="k">return</span> <span class="n">render</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="s">&#39;upload.html&#39;</span><span class="p">,</span> <span class="p">{</span><span class="s">&#39;form&#39;</span><span class="p">:</span> <span class="n">form</span><span class="p">})</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="s-upload-handlers">
<span id="upload-handlers"></span><h2>Upload Handlers<a class="headerlink" href="#upload-handlers" title="Permalink to this headline">¶</a></h2>
<p>When a user uploads a file, Django passes off the file data to an <em>upload
handler</em> &#8211; a small class that handles file data as it gets uploaded. Upload
handlers are initially defined in the <a class="reference internal" href="../../ref/settings.html#std:setting-FILE_UPLOAD_HANDLERS"><tt class="xref std std-setting docutils literal"><span class="pre">FILE_UPLOAD_HANDLERS</span></tt></a> setting,
which defaults to:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="p">(</span><span class="s">&quot;django.core.files.uploadhandler.MemoryFileUploadHandler&quot;</span><span class="p">,</span>
 <span class="s">&quot;django.core.files.uploadhandler.TemporaryFileUploadHandler&quot;</span><span class="p">,)</span>
</pre></div>
</div>
<p>Together <a class="reference internal" href="../../ref/files/uploads.html#django.core.files.uploadhandler.MemoryFileUploadHandler" title="django.core.files.uploadhandler.MemoryFileUploadHandler"><tt class="xref py py-class docutils literal"><span class="pre">MemoryFileUploadHandler</span></tt></a> and
<a class="reference internal" href="../../ref/files/uploads.html#django.core.files.uploadhandler.TemporaryFileUploadHandler" title="django.core.files.uploadhandler.TemporaryFileUploadHandler"><tt class="xref py py-class docutils literal"><span class="pre">TemporaryFileUploadHandler</span></tt></a> provide Django&#8217;s default file upload
behavior of reading small files into memory and large ones onto disk.</p>
<p>You can write custom handlers that customize how Django handles files. You
could, for example, use custom handlers to enforce user-level quotas, compress
data on the fly, render progress bars, and even send data to another storage
location directly without storing it locally. See <a class="reference internal" href="../../ref/files/uploads.html#custom-upload-handlers"><em>Writing custom upload handlers</em></a>
for details on how you can customize or completely replace upload behavior.</p>
<div class="section" id="s-where-uploaded-data-is-stored">
<span id="s-modifying-upload-handlers-on-the-fly"></span><span id="where-uploaded-data-is-stored"></span><span id="modifying-upload-handlers-on-the-fly"></span><h3>Where uploaded data is stored<a class="headerlink" href="#where-uploaded-data-is-stored" title="Permalink to this headline">¶</a></h3>
<p>Before you save uploaded files, the data needs to be stored somewhere.</p>
<p>By default, if an uploaded file is smaller than 2.5 megabytes, Django will hold
the entire contents of the upload in memory. This means that saving the file
involves only a read from memory and a write to disk and thus is very fast.</p>
<p>However, if an uploaded file is too large, Django will write the uploaded file
to a temporary file stored in your system&#8217;s temporary directory. On a Unix-like
platform this means you can expect Django to generate a file called something
like <tt class="docutils literal"><span class="pre">/tmp/tmpzfp6I6.upload</span></tt>. If an upload is large enough, you can watch this
file grow in size as Django streams the data onto disk.</p>
<p>These specifics &#8211; 2.5 megabytes; <tt class="docutils literal"><span class="pre">/tmp</span></tt>; etc. &#8211; are simply &#8220;reasonable
defaults&#8221; which can be customized as described in the next section.</p>
</div>
<div class="section" id="s-changing-upload-handler-behavior">
<span id="changing-upload-handler-behavior"></span><h3>Changing upload handler behavior<a class="headerlink" href="#changing-upload-handler-behavior" title="Permalink to this headline">¶</a></h3>
<p>There are a few settings which control Django&#8217;s file upload behavior. See
<a class="reference internal" href="../../ref/settings.html#file-upload-settings"><em>File Upload Settings</em></a> for details.</p>
</div>
<div class="section" id="s-id1">
<span id="id1"></span><h3>Modifying upload handlers on the fly<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h3>
<p>Sometimes particular views require different upload behavior. In these cases,
you can override upload handlers on a per-request basis by modifying
<tt class="docutils literal"><span class="pre">request.upload_handlers</span></tt>. By default, this list will contain the upload
handlers given by <a class="reference internal" href="../../ref/settings.html#std:setting-FILE_UPLOAD_HANDLERS"><tt class="xref std std-setting docutils literal"><span class="pre">FILE_UPLOAD_HANDLERS</span></tt></a>, but you can modify the list
as you would any other list.</p>
<p>For instance, suppose you&#8217;ve written a <tt class="docutils literal"><span class="pre">ProgressBarUploadHandler</span></tt> that
provides feedback on upload progress to some sort of AJAX widget. You&#8217;d add this
handler to your upload handlers like this:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">request</span><span class="o">.</span><span class="n">upload_handlers</span><span class="o">.</span><span class="n">insert</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">ProgressBarUploadHandler</span><span class="p">())</span>
</pre></div>
</div>
<p>You&#8217;d probably want to use <tt class="docutils literal"><span class="pre">list.insert()</span></tt> in this case (instead of
<tt class="docutils literal"><span class="pre">append()</span></tt>) because a progress bar handler would need to run <em>before</em> any
other handlers. Remember, the upload handlers are processed in order.</p>
<p>If you want to replace the upload handlers completely, you can just assign a new
list:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">request</span><span class="o">.</span><span class="n">upload_handlers</span> <span class="o">=</span> <span class="p">[</span><span class="n">ProgressBarUploadHandler</span><span class="p">()]</span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p>You can only modify upload handlers <em>before</em> accessing
<tt class="docutils literal"><span class="pre">request.POST</span></tt> or <tt class="docutils literal"><span class="pre">request.FILES</span></tt> &#8211; it doesn&#8217;t make sense to
change upload handlers after upload handling has already
started. If you try to modify <tt class="docutils literal"><span class="pre">request.upload_handlers</span></tt> after
reading from <tt class="docutils literal"><span class="pre">request.POST</span></tt> or <tt class="docutils literal"><span class="pre">request.FILES</span></tt> Django will
throw an error.</p>
<p>Thus, you should always modify uploading handlers as early in your view as
possible.</p>
<p>Also, <tt class="docutils literal"><span class="pre">request.POST</span></tt> is accessed by
<a class="reference internal" href="../../ref/middleware.html#django.middleware.csrf.CsrfViewMiddleware" title="django.middleware.csrf.CsrfViewMiddleware"><tt class="xref py py-class docutils literal"><span class="pre">CsrfViewMiddleware</span></tt></a> which is enabled by
default. This means you will need to use
<a class="reference internal" href="../../ref/contrib/csrf.html#django.views.decorators.csrf.csrf_exempt" title="django.views.decorators.csrf.csrf_exempt"><tt class="xref py py-func docutils literal"><span class="pre">csrf_exempt()</span></tt></a> on your view to allow you
to change the upload handlers.  You will then need to use
<a class="reference internal" href="../../ref/contrib/csrf.html#django.views.decorators.csrf.csrf_protect" title="django.views.decorators.csrf.csrf_protect"><tt class="xref py py-func docutils literal"><span class="pre">csrf_protect()</span></tt></a> on the function that
actually processes the request.  Note that this means that the handlers may
start receiving the file upload before the CSRF checks have been done.
Example code:</p>
<div class="last highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.views.decorators.csrf</span> <span class="kn">import</span> <span class="n">csrf_exempt</span><span class="p">,</span> <span class="n">csrf_protect</span>

<span class="nd">@csrf_exempt</span>
<span class="k">def</span> <span class="nf">upload_file_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="n">request</span><span class="o">.</span><span class="n">upload_handlers</span><span class="o">.</span><span class="n">insert</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">ProgressBarUploadHandler</span><span class="p">())</span>
    <span class="k">return</span> <span class="n">_upload_file_view</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>

<span class="nd">@csrf_protect</span>
<span class="k">def</span> <span class="nf">_upload_file_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="o">...</span> <span class="c"># Process request</span>
</pre></div>
</div>
</div>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../../contents.html">Table Of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">File Uploads</a><ul>
<li><a class="reference internal" href="#basic-file-uploads">Basic file uploads</a><ul>
<li><a class="reference internal" href="#handling-uploaded-files-with-a-model">Handling uploaded files with a model</a></li>
</ul>
</li>
<li><a class="reference internal" href="#upload-handlers">Upload Handlers</a><ul>
<li><a class="reference internal" href="#where-uploaded-data-is-stored">Where uploaded data is stored</a></li>
<li><a class="reference internal" href="#changing-upload-handler-behavior">Changing upload handler behavior</a></li>
<li><a class="reference internal" href="#id1">Modifying upload handlers on the fly</a></li>
</ul>
</li>
</ul>
</li>
</ul>

  <h3>Browse</h3>
  <ul>
    
      <li>Prev: <a href="decorators.html">View decorators</a></li>
    
    
      <li>Next: <a href="shortcuts.html">Django shortcut functions</a></li>
    
  </ul>
  <h3>You are here:</h3>
  <ul>
      <li>
        <a href="../../index.html">Django 1.7.8.dev20150401230226 documentation</a>
        
          <ul><li><a href="../index.html">Using Django</a>
        
          <ul><li><a href="index.html">Handling HTTP requests</a>
        
        <ul><li>File Uploads</li></ul>
        </li></ul></li></ul>
      </li>
  </ul>

  <h3>This Page</h3>
  <ul class="this-page-menu">
    <li><a href="../../_sources/topics/http/file-uploads.txt"
           rel="nofollow">Show Source</a></li>
  </ul>
<div id="searchbox" style="display: none">
  <h3>Quick search</h3>
    <form class="search" action="../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    <p class="searchtip" style="font-size: 90%">
    Enter search terms or a module, class or function name.
    </p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Apr 02, 2015</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="decorators.html" title="View decorators">previous</a>
     |
    <a href="../index.html" title="Using Django" accesskey="U">up</a>
   |
    <a href="shortcuts.html" title="Django shortcut functions">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>